diff --git a/libwvdrmengine/cdm/core/include/wv_cdm_types.h b/libwvdrmengine/cdm/core/include/wv_cdm_types.h index f2daa492..15fd82c7 100644 --- a/libwvdrmengine/cdm/core/include/wv_cdm_types.h +++ b/libwvdrmengine/cdm/core/include/wv_cdm_types.h @@ -606,6 +606,7 @@ enum CdmClientTokenType : int32_t { kClientTokenOemCert, kClientTokenUninitialized, kClientTokenBootCertChain, + kClientTokenDrmReprovisioning, }; // kNonSecureUsageSupport - TEE does not provide any support for usage diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp index a1748912..d2622086 100644 --- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp +++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp @@ -754,6 +754,7 @@ CdmResponseType CdmEngine::QueryStatus(RequestedSecurityLevel security_level, } switch (token_type) { case kClientTokenDrmCert: + case kClientTokenDrmReprovisioning: *query_response = QUERY_VALUE_DRM_CERTIFICATE; break; case kClientTokenKeybox: diff --git a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp index 256f7b99..1168d5a3 100644 --- a/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp +++ b/libwvdrmengine/cdm/core/src/certificate_provisioning.cpp @@ -169,6 +169,8 @@ CertificateProvisioning::GetProvisioningType() { return SignedProvisioningMessage::PROVISIONING_40; case kClientTokenOemCert: return SignedProvisioningMessage::PROVISIONING_30; + case kClientTokenDrmReprovisioning: + return SignedProvisioningMessage::DRM_REPROVISIONING; default: return SignedProvisioningMessage::PROVISIONING_20; } diff --git a/libwvdrmengine/cdm/core/src/client_identification.cpp b/libwvdrmengine/cdm/core/src/client_identification.cpp index 08f252d9..4a12df50 100644 --- a/libwvdrmengine/cdm/core/src/client_identification.cpp +++ b/libwvdrmengine/cdm/core/src/client_identification.cpp @@ -384,6 +384,8 @@ bool ClientIdentification::GetProvisioningTokenType( video_widevine::ClientIdentification::BOOT_CERTIFICATE_CHAIN; return true; case kClientTokenDrmCert: + // TODO: b/305093063 - Add token for DRM reprovisioning requests. + case kClientTokenDrmReprovisioning: default: // shouldn't happen LOGE("Unexpected provisioning type: %d", static_cast(token)); diff --git a/libwvdrmengine/cdm/core/src/license_protocol.proto b/libwvdrmengine/cdm/core/src/license_protocol.proto index 9366687d..35e61e4a 100644 --- a/libwvdrmengine/cdm/core/src/license_protocol.proto +++ b/libwvdrmengine/cdm/core/src/license_protocol.proto @@ -1026,6 +1026,8 @@ message SignedProvisioningMessage { ARCPP_PROVISIONING = 4; // ChromeOS/Arc++ devices. // Android-Attestation-based OTA keyboxes. ANDROID_ATTESTATION_KEYBOX_OTA = 6; + // Certificate reprovisioning for internal L3 CDMs only. + DRM_REPROVISIONING = 7; INTEL_SIGMA_101 = 101; // Intel Sigma 1.0.1 protocol. INTEL_SIGMA_210 = 210; // Intel Sigma 2.1.0 protocol. } @@ -1270,6 +1272,9 @@ message DrmCertificate { DEVICE = 2; SERVICE = 3; PROVISIONER = 4; + // Only used by baked-in certificates with internal L3 CDMs that support + // Drm Reprovisioning. + DEVICE_EMBEDDED = 5; } enum ServiceType { UNKNOWN_SERVICE_TYPE = 0; diff --git a/libwvdrmengine/cdm/core/src/system_id_extractor.cpp b/libwvdrmengine/cdm/core/src/system_id_extractor.cpp index edfdd3f0..b3cc7473 100644 --- a/libwvdrmengine/cdm/core/src/system_id_extractor.cpp +++ b/libwvdrmengine/cdm/core/src/system_id_extractor.cpp @@ -59,6 +59,8 @@ bool SystemIdExtractor::ExtractSystemId(uint32_t* system_id) { bool success = false; switch (type) { case kClientTokenDrmCert: + // TODO: b/305093063 - Extract system id when handling DRM reprovisioning. + case kClientTokenDrmReprovisioning: LOGW( "Cannot get a system ID from a DRM certificate, " "using null system ID: security_level = %s", diff --git a/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp b/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp index e857ab6e..ad5b61e7 100644 --- a/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp +++ b/libwvdrmengine/cdm/core/src/wv_cdm_types.cpp @@ -74,6 +74,8 @@ const char* CdmClientTokenTypeToString(CdmClientTokenType type) { return "BootCertChain"; case kClientTokenUninitialized: return "Uninitialized"; + case kClientTokenDrmReprovisioning: + return "DrmReprovisioning"; } return UnknownValueRep(type); }